• Skip to primary navigation
  • Skip to main content
  • Skip to footer
ControlCase No Tag LOGO md

ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

  • Company
    • About Us
    • Careers
    • Locations
    • Team
  • Industries
    • Business Process Outsourcing
    • Cloud Service Providers
    • Retail
    • Telecom | Entertainment
  • Certifications
    • PCI DSS Certification
    • CSA STAR Certification
    • GDPR Assessment
    • HIPAA Assessment
    • HITRUST Certification
    • ISO 27001 Certification
    • FedRAMP 3PAO Services and NIST 800-53
    • CMMC Compliance: NIST 800-171
    • MARS-E Assessment
    • P2PE Certification
    • PA DSS Certification
    • SOC2 Report
  • Solutions
    • Continuous Compliance Solution
    • One Audit
    • Card Data Discovery Software
    • Data Security Rating
  • Testing
    • Application Reviews
    • Application Security Training
    • Code Reviews
    • Card Data Discovery
    • External Vulnerability Scans
    • Firewall Security Reviews
    • Internal Vulnerability Scans
    • Log Monitoring
    • Penetration Testing
  • Resources
    • Events
    • News
    • Webinars
    • Courses
    • Newsletters
    • Blog
  • Contact Us

External Vulnerability Scans

Request DatasheetRequest QuoteRequest Demo
You are here: Home / Services / External Vulnerability Scans

External Vulnerability (ASV) Scans

All entities including merchants, service providers and financial institutions must get a quarterly scan completed to remain compliance with the PCI DSS standards. The table below lists the Quarterly network scan requirements for service providers by region.

Visa USA & CEMEA – Service Provider Levels and Validation Actions

Level Description Validation Action
1 All VisaNet processors (member and non-member) and all payment gateways.* 1>Annual On-Site PCI Data Security Assessment
2>Quarterly Network Scan
2 Any service provider that is not in Level 1 and stores, processes, or transmits more than 1,000,000 Visa accounts/transactions annually. 1>Annual On-Site PCI Data Security Assessment
2>Quarterly Network Scan
3 Any service provider that is not in Level 1 and stores, processes, or transmits fewer than 1,000,000 Visa accounts/transactions annually. 1>Annual PCI Self-Assessment Questionnaire
2>Quarterly Network Scan

*According to Visa, payment gateways are a category of agent or service provider that stores, processes, and/or transmits cardholder data as part of a payment transaction. Specifically, they enable payment transactions (e.g., authorization or settlement) between merchants and processors (VisaNet endpoints). Merchants may send their payment transactions directly to an endpoint, or indirectly to a payment gateway.

Visa Asia/Pacific – Service Provider Levels and Validation Actions

Service Providers More than 600,000 Visa transactions per year Between 120,000 and 600,000 Visa transactions per year Less than 120,000 Visa transactions
Self assessment questionnaire Optional Mandated Mandated
Quarterly network scan Mandated Mandated Recommended
Onsite review Mandated Recommended Recommended

MasterCard – Service Provider Levels and Validation Actions

Level Description Validation Action
1 All TPPs.
All DSE’s that store, transmit, or process greater than 1,000,000 total combined MasterCard and Maestro transactions annually.
1>Annual On-Site PCI Data Security Assessment
2>Quarterly Network Scan
2 Includes all DSE’s that store, transmit, or process less than 1,000,000 total combined MasterCard and Maestro transactions annually. 1>Annual PCI Self-Assessment Questionnaire
2>Quarterly Network Scan

PCI Data Security Standard Compliance for Merchants

Merchant Level
Selection Criteria
Validation Actions
Validated By
1 Any merchant – regardless of acceptance channel – processing more than 6,000,000 Visa transactions per year
Any merchant that has suffered a hack or an attack that resulted in an account data compromise
Any merchant identified by any card association as Level 1
Annual On-Site Security Audit
and Quarterly Network Scan
Independent Security Assessor or Internal Audit if signed by an Officer of the company
Qualified Independent Scan Vendor
2 1 million – 6 million Visa or MasterCard transactions per year Annual PCI Self-Assessment Questionnaire
and Quarterly Network Scan
Merchant Qualified Independent Scan Vendor
3 20,000 – 1 million Visa or MasterCard e-commerce transactions per year Annual PCI Self-Assessment Questionnaire
and Quarterly Network Scan
Merchant Qualified Independent Scan Vendor
4 Less than 20,000 Visa or MasterCard e-commerce transactions per year, and all other merchants processing up to 1 million Visa or MasterCard transactions per year Recommended Annual PCI Self-Assessment Questionnaire
and Quarterly Network Scan
Merchant Qualified Independent Scan Vendor
Note: While compliance is mandatory for Level 4 Merchants, validation is optional but strongly recommended
  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

Footer

Connect

Corporate Headquarters
12015 Lee Jackson Memorial Hwy, Suite 520, Fairfax, VA 22033

Send us a message

Call Us

About Us

ControlCase is a United States based company, headquartered in Fairfax, Virginia with locations in North America, Europe, Latin America, Asia/Pacific and the Middle East to serve our clients globally.

Quick Links

  • Company
  • Team
  • Careers
  • Locations
  • Covid-19 Notice

Certifications, Assessments and Reports

  • PCI DSS Certification
  • CSA STAR Certification
  • GDPR Assessment
  • HIPAA Assessment
  • HITRUST Certification
  • ISO 27001 Certification
  • FedRAMP and 3PAO Services
  • MARS-E Assessment
  • P2PE Certification
  • PA DSS Certification
  • SOC2 Report

© ControlCase LLC 2023 | Privacy Policy | Impartiality Statement | Legal Notices